top | item 42494678

(no title)

> This project […] contains only the necessary parts for realistic benchmarking

> The test program is a simple […] return string

I understand how this is required to measure the effects of sandboxing in isolation. And the result is impressive.

In what ways would you expect performance to be affected when workloads are more realistic as well?

discuss

I have a bit of experience in this, and adding monitoring, logging and observability doesn't really affect it compared to the non-sandboxing path: All of those things should already be happening. There should already be logging and statistics gathering as part of the larger service.

libriscv in interpreter mode is fast compared to other interpreters, but not near native performance. As I wrote earlier in the thread using something backed by KVM is what I would do if I were architecting a solution for someone. Eg. my TinyKVM KVM-based userspace emulator would fit the bill.